Project

General

Profile

Actions
Copy link

Optimization #6502

open
PA OD

schema: avoid - and . in keys

Optimization #6502: schema: avoid - and . in keys

Added by Philippe Antoine over 2 years ago. Updated 1 day ago.

Status:
In Review
Priority:
Normal
Assignee:
OISF Dev
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

From @Jason Ish

- don't break Elastic, just makes queries harder. '.' will break Elastic and some tools.

git grep '-' etc/schema.json . yields
- bittorrent-dht
- ftp-data
- icmp-prohib
- tcp-reset
- reject-target

These should use underscore

Related issues 1 (1 open0 closed)

Related to Suricata - Documentation #6478: schema: add missing fieldsAssignedOISF DevActions

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #1

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #2

alert.signature-id would be taken as a math expression.

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #3

Need some CI check after fixing the few fields

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #4

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

PA Updated by Philippe Antoine 11 months ago Actions
Copy link
 #5

@Jason Ish what do you think about this ? For 8rc1 ?

JI Updated by Jason Ish 10 months ago Actions
Copy link
 #6

It would be a breaking change to the log format, thoughts @Victor Julien? Would be nice to clean these up for consistency reasons, otherwise not a lot of value.

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #7

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #8

  • Status changed from New to Assigned

PA Updated by Philippe Antoine 1 day ago Actions
Copy link
 #9

  • Status changed from Assigned to In Review
Actions
Copy link

Also available in: PDF Atom